Research And Implementation Of Malicious Domain Name Detection Technology

With the vigorous development of computers,the Internet has entered millions of households.At the same time,the malicious behavior of the Internet has gradually increased.Botnet is one of the most destructive malicious behaviors.It uses DGA(Domain Generated Algorithms)on a large scale.Once the host accesses the domain name generated by DGA and the domain name has been registered by the malicious server,the malicious server can easily communicate with the controlled botnet.There are many kinds of DGA.Recently,some literatures have proposed the DGA based on PCFG model.Under the test of existing detection methods,its anti-detection effect is very remarkable.Since there is no specific detection scheme for DGA based on PCFG model,this paper first studies the generation mechanism of PCFG-based domain names,then studies the characteristics of such DGA domain names.Research shows that the domain names generated by PCFG model are usually based on legal domain names,so the statistical characteristics of the domain names are similar to those of legal domain names.Moreover,the same PCFG model can generate many types of domain names,so it is difficult to extract appropriate features manually.According to the features of this kind of DGA a malicious domain name detection model based on convolutional neural network and Multi-head Attention mechanism is proposed.CNN network can extract key information of domain name manually by using convolution kernels of various sizes,while Multi-head Attention mechanism can obtain the potential relationship between the whole character sequence at one time,so that the model can extract deeper features of the character sequence.After that,comparative experiments were designed to verify the effect of Multi-head Attention mechanism in domain name detection,and to compare the effect of different types of neural networks in domain name detection.Experiments show that the malicious domain name detection model combined with neural network and Multi-head Attention mechanism has better detection effect for domain names based on PCFG model.Based on the malicious domain name detection model proposed in this paper,a malicious domain name detection system is constructed.The system can detect malicious domain names in real time and display them in time,and update the local malicious domain name database by using synchronization mechanism.Experiments show that the system can respond to malicious domain names in time,and the detection effect is better than the existing detection methods.